Just received a mail from the States and avast Network Shield alerted for this: URL: Mal for a link that it redirected to: http://wXw.foxs.news.rushnews.com/2/?s=If → this again going to Contact: info at siteurl dot com
Is this a correct detection? redirecting to: htxps://auctions.godaddy.com/trpItemListing.aspx?miid=90680638
No detection here: http://zulu.zscaler.com/submission/show/34ae9327902c66dad727e11e08c3e4bb-1360793373
or for IP: http://www.ipvoid.com/scan/64.239.114.99/
polonus
The original link in the mail was: htxp://www.alessandrojeni.it/slhnuv.php?s=lf
Malcode see attached image…
also see eval_delayer on code via http://jsunpack.jeek.org/?report=094fb9b16469b1ab5fd363eedd28479581bf02d6
(for security researchers - visit only with NoScript active and in a VM)
polonus
That the IP has domains of questionable reputation and with a malware history can be concluded from this survey: http://support.clean-mx.de/clean-mx/viruses.php?ip=62.149.142.52&sort=response%20desc (all closed or dead)
and also → http://urlquery.net/report.php?id=453967 with an IDS alert for
ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 2)a Blackhole and other such fun indication: http://lists.emergingthreats.net/pipermail/emerging-sigs/2012-July/019924.html
polonus
The original link in the mail was: htxp://www.alessandrojeni.it/[b]slhnuv.php[/b]?s=lfNorman lab confirms infected
detection added - slhnuv.php - Redirector.ID